Title: Message
|
Can
that problem be duplicated with something else? My first idea would be to
try a SYN scan. Basically, a SYN scan requests a connection to a port and
if acknowledged, it never finishes the connection by either completing it or
aborting it.
The
easiest way to do this might be with nmap. You want to do a SYN scan (-sS)
and you only want port 443 (-p 443). The -v switch gives verbosity, the
-P0 switch keeps nmap from trying to ping the destination and of course the last
argument is the destination where your daemon is running.
nmap
-sS -v -p 443 -P0 192.168.1.5
I have written a daemon software in Linux. It
will listen on port 443 and forward the connections to Apache daemon. The
software works well for me.
But after the Nessus scans the system, there
are some permanent ESTABLISHED TCP connections .
[192.168.1.1, with my daemon
software]<-------------->[192.168.1.5, with Nessus]
[EMAIL PROTECTED] root]# netstat -na|grep
ESTABLISHED
tcp
0 0
192.168.1.1:443
192.168.1.5:51388 ESTABLISHED
tcp
0 0
192.168.1.1:443
192.168.1.5:51681 ESTABLISHED
When the nessus scanning is over, this kind of
ESTABLISHED TCP connections will last for ever if we do not restart my daemon
software. And after the nessus scanning, the 192.168.1.5 do not have any
connections to 192.168.1.1 in fact. I even power off the 192.168.1.5 to make
sure.
There must be some bugs in my software. I
am wondering what kind of scanning will cause this.
Thanks in advance for any
help.
|
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
